The scenario described by Cliff is the equivalent of my sending junk emails to Steve with Cliff's email address as the return address or sender. Steve is absolutely right. I am hopeful though that there might be a way to stop these emails as spam filters get smarter. But then again, the spammers also get smarter, but I am still hopeful.

Firm.

On Aug 25, 2009, at 4:08 PM, "STeve Andre'" <[log in to unmask]> wrote:

> On Tuesday 25 August 2009 10:35:06 Clifford Beckett wrote:
>> Hello Network admins.
>> I have a user who is receiving email error messages indicating a "BANNED CONTENTS ALERT" from <[log in to unmask]> on emails that claim to be sent by this user but were not. Who should I talk to about this problem? Our email is primarily handled through the Engineering email server. The error message includes this information
>>
>> First upstream SMTP client IP address: [61.47.11.234] unknown
>> According to a 'Received:' trace, the message originated at: [61.47.11.234], egr.msu.edu (unknown [61.47.11.234])
>>
>> Thanks
>> Cliff
>
> I don't think it makes sense to worry about this. We're all going to see this for the rest of our lives, and there is nothing that can be done about it, short of re-architecting the net itself, and all other communications devices.
>
> Having the IP address is useless, basically. Chances are the dreck is originating from some poor infected Windows machine, and its owner has no idea their machine is shoveling out garbage. At the very best, you can get the individual to clean up their machine, but then they'll screw up patching, or not upgrade to the latest version of some security horror like Flash, and will again get under the control of something evil and it starts all over again.
>
> If I sound jaded, it's because I have fought spam/spit/email marketers in the past, and found that some huge amount (like 95%) came from compromised machines, and once I got the owners to even understand what that meant (and got it cleaned up), they all got infected again (four machines).
>
> The solution is to educate our users, to never, ever ever ever fall for requests for anything online, via txt message, or automated phone call requests (ever get a robotic voice asking for your bank data?), and discard them.
>
> Nothing else will work, nothing else is ever going to work.
>
> Teaching people to beware of scams is one of the most important parts of using the net. That is the one defense that will work, which the vandals can't get around.
>
> --STeve Andre'